CVE-2025-52577 · HIGH 8.8 · EPSS p38.8%

Description

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.8% · 2026-06-18T12:00:27Z
Published: 2025-07-11
Last modified: 2025-07-23

Underlying weaknesses · 1

CWE-89

References

  1. https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08

Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-53515
CVE: CVE-2025-53475
CVE: CVE-2025-46268
CVE: CVE-2025-4559
CVE: Ivanti Sentry OS Command Injection Vulnerability
CVE: CVE-2026-8111

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.